CVE-2009-1710
Vulnerability from cvelistv5
Published
2009-06-10 17:37
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:20:35.193Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "43068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43068" }, { "name": "ADV-2011-0212", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "name": "APPLE-SA-2009-06-08-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" }, { "name": "safari-uielements-spoofing(51263)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51263" }, { "name": "35340", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35340" }, { "name": "35260", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35260" }, { "name": "ADV-2009-1522", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/1522" }, { "name": "37746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37746" }, { "name": "DSA-1950", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1950" }, { "name": "SUSE-SR:2011:002", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "name": "35379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35379" }, { "name": "55014", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/55014" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3613" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser\u0027s display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "43068", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43068" }, { "name": "ADV-2011-0212", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "name": "APPLE-SA-2009-06-08-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" }, { "name": "safari-uielements-spoofing(51263)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51263" }, { "name": "35340", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35340" }, { "name": "35260", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35260" }, { "name": "ADV-2009-1522", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/1522" }, { "name": "37746", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37746" }, { "name": "DSA-1950", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1950" }, { "name": "SUSE-SR:2011:002", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "name": "35379", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35379" }, { "name": "55014", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/55014" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3613" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1710", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser\u0027s display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "43068", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43068" }, { "name": "ADV-2011-0212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0212" }, { "name": "APPLE-SA-2009-06-08-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" }, { "name": "safari-uielements-spoofing(51263)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51263" }, { "name": "35340", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35340" }, { "name": "35260", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35260" }, { "name": "ADV-2009-1522", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1522" }, { "name": "37746", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37746" }, { "name": "DSA-1950", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1950" }, { "name": "SUSE-SR:2011:002", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" }, { "name": "35379", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35379" }, { "name": "55014", "refsource": "OSVDB", "url": "http://osvdb.org/55014" }, { "name": "http://support.apple.com/kb/HT3613", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3613" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1710", "datePublished": "2009-06-10T17:37:00", "dateReserved": "2009-05-20T00:00:00", "dateUpdated": "2024-08-07T05:20:35.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-1710\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-06-10T18:00:00.750\",\"lastModified\":\"2024-11-21T01:03:09.730\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser\u0027s display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.\"},{\"lang\":\"es\",\"value\":\"WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos suplantar en la pantalla del navegador el (1) nombre del equipo, (2) indicadores de seguridad, y otros elementos de la interface del usuario a trav\u00e9s de un cursor personalizado junto a la propiedad hotspot de CSS3 modificada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:-:mac:*:*:*:*:*\",\"versionEndIncluding\":\"4.0_beta\",\"matchCriteriaId\":\"D72FE38B-BD04-4FC7-AE41-6459CBDF207A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:0.8:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"7F7275FE-C28A-4067-B9EF-BC99E10188DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:0.9:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"E2249206-EF91-4168-B7C2-C1DB35CDFA40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.0:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"641D655F-E210-4795-836C-BBF6D90B92E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.0.3:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"A6EED222-BF5E-475A-B255-18041B4A5B26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.1:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"1FC456E7-727C-4932-A0D0-B0D168E8C523\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.2:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"303E4616-1BB6-4D2D-8437-47F3D1B3C13D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.3:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"03C2A522-2D71-4909-B86F-DBEE2C703F83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.3.1:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"E75B3EAD-A9D3-4497-B3B0-E31E807010A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.3.2:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"F837BE0E-9255-41C5-8E49-57090A574A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:2.0:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"B8870C90-A1C9-4D8C-B1EF-9D72D55535EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:2.0.2:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"586ED537-9BB4-4931-8891-E60740983C4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:2.0.4:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"73B23547-9710-44E9-A32A-6320C8E7A780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"EBFEED2C-8822-44EB-9296-82862DB14DCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"9270F5C4-63B9-48C5-9D6D-9CDA1461205C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.3:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"FD35EC3D-01E2-4FA7-95AC-A2E57C652649\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.4:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"C23C022E-293E-4247-A9AD-2F27C29E92A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"75359A0E-823A-45C5-8C61-ABE225FB939F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.1:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"8CFED254-6277-4E5E-B8E7-B5CB1ED3E7FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.2:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"F8283078-D722-40AC-AF7A-7BC9AD19D051\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.1:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"66132AA6-F3EA-408D-9C43-8E6C577C8F72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.3:-:mac:*:*:*:*:*\",\"matchCriteriaId\":\"D8CFE8E7-B970-4B86-99E9-AC3F8626737C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:*\",\"versionEndIncluding\":\"3.2.3\",\"matchCriteriaId\":\"7E203D81-FABE-4A63-8930-1DA15A86E113\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"49875E29-AA30-4D96-9ED9-538823DD5E1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"D6C733F3-F5D4-4CF1-866D-61FF9D81D1B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"C5471735-D9C0-491B-9A6A-07B39AA215CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"1E5C52F3-2109-40FD-9945-A9A9D42C076E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"151DEB6D-5857-4B0B-8449-5735768024A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"AC7E7F65-8F3B-42F8-8B2D-9EA1CC4A4300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"476EBE1F-66E1-4EF5-8344-BEDA97F306A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"480ED2AC-0DA4-44DA-A902-8534335077B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"77F31F4B-5305-4D75-9277-95EF99A969A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"C9AD216D-0C95-4843-A1A1-C3C9A6219277\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*\",\"matchCriteriaId\":\"04B8652D-BE06-49CB-A636-8B53B2DF9168\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/55014\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35379\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37746\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT3613\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1950\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/35260\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/35340\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1522\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/51263\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/55014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/37746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1950\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/35260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/35340\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/51263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.